In the last episode (Oct 31), Ivan Voras said:
> [EMAIL PROTECTED] wrote:
>
> > add 10510 allow icmp from any to any out via oif() keep-state
>
> I don't think ICMP is stateful :)
>
> You need both in and out rules for ICMP because the logical responses
> to packets can't be reliably connected into a single communication.
I use "allow icmp from any to any icmptypes 0,3,11,12 in"
those types being "echo reply", "destination unreachable",
"time-to-live exceeded", and "IP header bad".
--
Dan Nelson
[EMAIL PROTECTED]
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
